We help businesses make sound risk decisions, providing safety and peace of mind for our clients, their customers, and stakeholders.

C&H Third Party Risk Governance & Assessment Program:

Churchill & Harriman (C&H) Inc. understands that in the current business climate, third party vendor risk is a top-5 enterprise risk. Governance of your third party vendors is a critical issue. We help you meet your brand protection, legal, regulatory, and supply chain obligations, and optimize cost while doing so. In choosing C&H, you are choosing a partner whose proven processes and expertise are currently being employed to help many of the world’s most respected organizations successfully manage all elements of their global third party vendor management program.

We can work in partnership with you to refine your internal processes, including addressing individual business unit level requirements. We have expertise in business consulting to help you align with your internal departmental stakeholders in Compliance, Legal, Procurement and Risk Management. We can develop or refine the criteria upon which you assess your vendors for risk, compliance, and privacy. We also work with you to establish properly tailored risk assessment criteria. We can schedule, conduct, and report on risk assessments while solidifying relationships with your vendors. C&H's solutions will also help you manage enforcement of your enterprise risk management policies in a consistent, repeatable and efficient manner.

With regard to your global vendor universe, we can develop a successful communication program to help you achieve your tactical and strategic objectives. We can develop a program tailored to help you and your vendors to meet requisite requirements and optimize costs. Year over year, beginning in 1997, we have performed thousands of vendor assessments around the world on behalf of our clients. Let us provide you with the benefit of our broad and deep perspective.

Case Studies

Our client's objective was to become certified to ISO 27001 within their Global IT Infrastructure function. They turned to Churchill & Harriman. While consulting our client through the achievement process of certification to ISO 27001, C&H helped the organization harmonize two of five global IT processes into one, crossing departmental boundaries. In addition to resultant cost savings and process efficiencies, our work enabled our client to successfully address a Federal regulatory finding....
read more > >

A publicly traded Business Process Outsourcing Service Provider (BPO) needed to meet security and privacy contractual requirements on a $1B contract with a new customer. Churchill & Harriman was chosen to develop risk (security, privacy, and compliance) criteria upon which our client's vendors were subsequently assessed. Employing the new risk criteria, C&H then conducted several onsite risk assessments on the BPO's vendors located around the globe, enabling the BPO to meet the security and privacy requirements their customer had of them....
read more > >

A major global financial services corporation that provides custody and asset servicing wanted to improve their internal and external risk posture. Churchill & Harriman was engaged for a series of projects. Existing vendor risk assessment criteria were mapped to ISO 27001/2 and BITS Shared Assessments Program elements, thus ensuring our client's compliance with FFIEC guidelines and industry best practices. A new classification system for vendors was established that simplified and reduced the cost to both our client and their vendors. Additionally, a new approach to conducting information security and compliance assessments of the vendor base was developed, resulting in further and significant cost savings for both our client and its vendors....
read more > >

The largest division of a Fortune 50 client engaged Churchill & Harriman to develop and successfully test a comprehensive Business Continuity Plan for them. In addition to delivering the new BC Plan, C&H provided recommendations for improvement in planning, process and Plan execution, leveraging industry best practices including BS 25999. Our recommendations were subsequently provided to our client's Corporate Governance function so that they could be leveraged across their global enterprise....
read more > >

Churchill & Harriman's ongoing contributions have better positioned this Fortune 50 client to meet its global privacy compliance requirements, including Safe Harbor for all of its U.S.-based companies. C&H provides recommendations to our client on addressing the dynamic global landscape of privacy challenges, providing analysis and input on their Enterprise Privacy Program. C&H works in conjunction with other Compliance stakeholders within the enterprise to ensure that our client's Privacy Program investments are optimized, and to lower our client's overall annual cost of compliance....
read more > >

Testimonials

“Churchill & Harriman has provided exceptional support and service across a number of highly visible risk management activities across the globe. You and your team have exceeded my expectations and done so on time and under budget, without exception. C&H conducts themselves with the highest levels of demonstrated competency and integrity on my behalf, recognizing required interdependencies and challenges while working on our critical global initiatives. Most of all, I deeply appreciate the substantive results C&H has produced for my colleagues and me. I recognize this is founded on the open and honest lines of communication I have with you and the C&H team.”

Chief Information Security Officer
Fortune 100 Corporation

"I am happy to endorse Churchill & Harriman to any organization interested in enjoying a close relationship with a risk mitigation consultancy that I consider an important part of my daily business. I can truly state, without hesitation, that Churchill & Harriman provides the highest degree of honesty, integrity and ethics, and has become a vital component to our success."

Director, Worldwide Information Security
Fortune 50 Corporation

"I want to express my appreciation for the outstanding service that your firm [Churchill & Harriman] has provided over the years. I consider you a trusted business partner who takes a deep personal interest in our success, and I appreciate your honesty and integrity."

"Churchill & Harriman has been consulting to us on enterprise-wide business risk mitigation matters for seven years now. We continue to receive the same dedicated service and support from C&H that we received from day one. Few business partners have provided such validated ongoing commitment to customer satisfaction."